At 12:34 PM -0700 4/29/06, Dave Crocker wrote:
> A specification for doing signature validation should not use
> heuristics. It needs to have simple, mechanical, universal
> procedures that produce a binary valid/invalid result and produce
> those same results anywhere the validation is attempted.

Fully agree, but that's not what was being discussed. The
specification should not prevent the verifier from trying other
things to get a signature to verify unless there is a significant
security issue in doing so. We don't have to encourage (or even
mention) making multiple attempts with expected changes on a message,
but we should not prohibit it either.

> A specification for processing a message well might suggest use of
> heuristics and well might produce very different results, depending
> upon where the processing is performed.

Too many softeners in that.

> Anything that confuses these two, very different types of activity
> makes it more likely that the entire DKIM effort has fuzzy meaning,
> and therefore fuzzy benefit, and therefore is questionable to adopt.

A verifier that chooses to try heuristic message modifications in
order to get a positive result for verification does not change the
meaning of DKIM at all, unless those modifications can come from a
plausible attack. As I stated in my previous message, given that this
attack would require a preimage attack, it is not plausible.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
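The two verifier behaviours argued over in the message above, a mechanical one-shot check versus retrying a fixed list of "expected changes", as an added illustration that is not from the thread and not from any DKIM implementation. It uses HMAC-SHA256 over the body as a stand-in for DKIM's RSA signature; SIGNING_KEY, RETRY_TRANSFORMS, relax_whitespace and the sample messages are all constructed for the example, and the transforms only loosely mimic DKIM's canonicalizations rather than reproducing the spec.

```python
import hmac
import hashlib

# Constructed example (not from the thread): HMAC-SHA256 over the message body
# stands in for DKIM's RSA signature over the body hash. SIGNING_KEY is an
# assumed shared secret used only to keep the example self-contained.
SIGNING_KEY = b"example-signing-key"


def mac(body: bytes) -> bytes:
    """Toy signature: a MAC over the body exactly as given."""
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()


def sign(body: bytes) -> bytes:
    """Signer side: sign the body as sent, with no canonicalization."""
    return mac(body)


def verify_strict(body: bytes, sig: bytes) -> bool:
    """Mechanical verifier: one computation, one binary valid/invalid result."""
    return hmac.compare_digest(mac(body), sig)


def relax_whitespace(body: bytes) -> bytes:
    """Stand-in for a relaxed canonicalization (assumed, not DKIM's):
    CRLF -> LF, trailing whitespace trimmed per line, trailing empty
    lines dropped."""
    lines = [ln.rstrip(b" \t") for ln in body.replace(b"\r\n", b"\n").split(b"\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"\n".join(lines) + b"\n"


# A fixed, public list of "expected changes" the verifier is willing to try.
# Because the list is static, the bodies it accepts for a given signature are
# exactly those that some transform maps onto the signed body.
RETRY_TRANSFORMS = [
    ("as-received", lambda b: b),
    ("crlf->lf", lambda b: b.replace(b"\r\n", b"\n")),
    ("lf->crlf", lambda b: b.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")),
    ("relax-whitespace", relax_whitespace),
]


def verify_with_retries(body: bytes, sig: bytes):
    """Heuristic verifier: return the name of the first transform under which
    the signature verifies, or None if none does."""
    for name, transform in RETRY_TRANSFORMS:
        if hmac.compare_digest(mac(transform(body)), sig):
            return name
    return None


# --- Constructed sample messages ---
ORIGINAL = b"Hello,\nPlease wire the funds today.\n"
SIGNATURE = sign(ORIGINAL)

# The same message after a relay converted line endings to CRLF in transit.
MANGLED_IN_TRANSIT = ORIGINAL.replace(b"\n", b"\r\n")

# An attacker's edit to the body content.
TAMPERED = b"Hello,\nPlease wire the funds today to account 4711.\n"


if __name__ == "__main__":
    print("strict, as sent:      ", verify_strict(ORIGINAL, SIGNATURE))                # True
    print("strict, CRLF mangled: ", verify_strict(MANGLED_IN_TRANSIT, SIGNATURE))      # False
    print("retries, CRLF mangled:", verify_with_retries(MANGLED_IN_TRANSIT, SIGNATURE))  # crlf->lf
    print("retries, tampered:    ", verify_with_retries(TAMPERED, SIGNATURE))          # None
```

The strict verifier rejects the transit-mangled copy, the retrying verifier recovers it under the crlf->lf transform, and neither accepts the tampered body. Since the transform list is known in advance, retrying widens the accepted set only to bodies that some transform carries back onto the signed content; an attacker who wants a different body accepted still has to find one whose transformed form collides with the signed body under the hash, which is the preimage argument made in the reply.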